Embracing The Awful Irony At A Huge Counter-Terrorism Fair In Paris Days After ISIS Attacks

Security
I cover crime, privacy and security in digital and physical forms.

Dignitaries in military garb and suit-wearers alike can't help but be drawn to the Rapiscan CounterBomber. A modernist bongo kit of a counterterrorism device, it's spinning slowly on a platform at Parc Des Expositions, the biggest convention center in Paris. At six feet tall and more than three feet wide, the CounterBomber has three tomtom-sized radar panels connected to a sturdy tripod. The police point it at a crowd to detect the outlines of a suicide bomb strapped to any individual, at distances "outside of the blast danger zone". An agent in a truck somewhere clicks on people onscreen and gets a readout.

Andy Lynch, program manager at Rapiscan, says the company hasn't sold a unit to US law enforcement yet, but it's not out of the question. There may be some issues with fourth amendment rights, though, such is the potential for invasive unwarranted searches carried out by an agent hiding in a booth. What Rapiscan will never say out loud is that the machines would have come in handy at the Stade de France, where three men blew themselves up on Friday. It's just a 15 minute train ride from the convention center.

The Rapiscan CounterBomber on show at Milipol in Paris. Five days before the homeland security conference kicked off, ISIS terrorists killed 129 people in France's capital.

Let’s embrace the irony. It’s been less than a week since terrorists massacred 129 people across Paris, sending France into a state of emergency, closing down borders and granting police greater power, and Paris is playing home to one of the biggest homeland security expositions on the planet. On the exhibition floor are all manner of guns, less-lethal weapons, drones, anti-drone technologies, and an abundance of tools for breaking into and tracking people’s iPhones, Androids, PCs and more.

“We at Milipol Paris share in the pain of the victims’ families and friends, as well as the medical teams who came to the aid of the wounded, and to all of the incredibly brave individuals who risk their lives protecting us and our freedom,” wrote the conference organizers on the Monday, in their letter confirming that the show was going on. A French representative of Israeli firm RAFAEL Advanced Defense Systems tells me Friday’s attacks made little to no impact on the event. Eric Rabe, communications manager for controversial Italian police malware maker Hacking
Team, says Friday’s events led to bump in interest in his employer’s products.

Those expecting some solemnity should have gone elsewhere, to the Bataclan, perhaps, the concert hall where at least 87 people were killed and where flowers and candles had been left to form a temporary memorial. Here was a sales floor abuzz, champagne and canapés imbibed, grinning men commenting on the beauty of the guns on display before picking them up, aiming them as if ready to fire. ISIS just handed Milipol attendees a great sales opportunity.

*

Death is everywhere in Paris. Mourners, police sirens and next door to the counterterrorism trade show an expo for funeral directors, exhibiting a French flair for closure. My Eurostar to Paris starts at London St Pancras, named for a beheaded saint. On the train I watched Twitter for updates as the French police raided the suspected ISIS terrorists' hideout. A woman had blown herself up, a number of others arrested. A neighbour told her story to a French broadcaster: “I kept shouting ‘If you’re from the police, please help me. I’m here with my baby.’ But they kept shooting and shooting.” The suspects lived in the Saint-Denis suburb, also named for a beheaded saint.

Funeraire Paris, an expo for funeral directors, takes place just next to Milipol, a weapons and surveillance show.

Over on Twitter I saw Glenn Greenwald had penned a story about the rising stock prices of weapons manufacturers. The American giants of technological warfare - Raytheon, Booz Allen Hamilton, Northrop Grumman, Lockheed Martin, General Dynamics - have all seen significant increases in their value since the attack on Friday. Thales, France’s biggest defense supplier, also saw a notable jump. Greenwald wrote of “the media’s war juices” bringing on a thirst for military machinery. President Francois Hollande had declared his country at war with the Islamic State - or ISIS, or ISIL, or the Daesh.

The companies at Milipol will tell you that crushing ISIS will require expansive surveillance, alongside effective close-range weapons for incapacitating and eliminating terrorist threats. Yet at least three of the men involved in the Paris attacks - Ismaël Omar Mostefaï, Samy Amimour and Abdelhamid Abaaoud - were already known to European authorities. And they may not have been as technologically adept as mainstream media, fed lines by anonymous government officials, has indicated. In giving the final orders for their barbarism, they weren't even using encrypted communications, just standard texts.

Founded in 1984, Milipol Paris brings together the weapons and surveillance industries so militaries and law enforcement can have one heck of a shopping trip. On the weapons side, the tools remain simple yet effective. There’s little in the way of so-called “smart weapons” - guns with compute power to correct shooters’ poor aim or ensure the owner is the one holding the thing - or artificially intelligent devices, where computers decide how and why to shoot. Sniper rifles with sexy scopes, some using computing to help the wielder deal with wind and distance issues, are enough. Automation isn’t catching on amongst gun lovers yet.

SK Group expresses its condolences for the 129 people who were massacred by terrorists in Paris, on a stand showcasing its guns.

The continued growth is partly the result of a growing global government obsession with cyber, an infatuation only spurred on by the Paris attacks. They provided an excuse for crypto-technophobics to crow about the need to increase spying powers, and to decry terrorists’ use of technology to both hide, plot and carry out attacks. Just a matter of days after the tragedies, CIA director John Brennan called on Europe and the US to look at how certain technologies might be aiding terrorists and how surveillance could be expanded. “There has been a significant increase in the operational security of a number of these operatives and terrorist networks as they have gone to school on what it is that they need to do in order to keep their activities concealed from the authorities,” Brennan said.

“I do think this is a time for particularly Europe, as well as here in the United States, for us to take a look and see whether or not there have been some inadvertent or intentional gaps that have been created in the ability of intelligence and security services to protect the people that they are asked to serve.”

In the UK, though not a direct response to events in Paris, Chancellor of the Exchequer George Osborne delivered a talk at GCHQ’s spy hub in Cheltenham, announcing an increase in cybersecurity spending to £1.9 billion by 2020, 1,900 new staff across Brits’ three agencies - GCHQ, MI5 and MI6 - and the first National Cyber Centre, “the country’s first dedicated cyber force”. Anyone wondering whether the Snowden leaks would convince governments to slim down the surveillance state rather than expand it to deal with terror threats was given a definitive answer: terror always wins.

*

Navigating the huge atrium of the Milipol halls for roughly five hours on the Wednesday and another four on the Thursday, I reintroduce myself to some well-known names and uncovering new participants in the surveillance game. These are the companies who will help government agencies hack and track ISIS targets. Rogue groups like Anonymous and Ghost Security can claim to aid the cause by targeting ISIS’ Twitter accounts and websites, but the businesses showing off their wares at Milipol have the financial clout, the hardware and the software to carry out sophisticated surveillance on terrorist suspects roaming around home soil.

Not all these companies have solid reputations, though. Quite the opposite in some cases. My first stop is Hacking Team, the Italian spyware maker that was forced into a temporary shutdown this summer when a hacker prized open its digital doors and released the company’s emails for all and sundry to pick through, a task made considerably easier when Wikileaks published them in full. Though a potential catastrophe for the company, there was much Schadenfreude, a symptom of distaste for Hacking Team’s sales to countries with questionable records on human rights, from Ethiopia to Bahrain, who went on to target dissidents and journalists.

Rabe, the mouthpiece of the company in the CEO David Vincenzetti’s perennial absence from public view, says the company has recovered. “There is a lot of interest in what we do,” he says, shifting from measured to gawky American, his suit adorned with a white pocket square, before noting the added interest in Hacking Team since Friday.

The firm has re-coded its big seller - the Galileo Remote Control System - so it can bypass all anti-virus systems, Rabe claims, and it hasn’t fallen apart as many had suspected it would. Evidently. The company was supposed to have attended another huge arms fair in September, though one focused more on military: London’s DSEI. But it was too soon after the breach and it backed out. Now, however, it’s ready to get selling again.

We touch briefly on the encryption debate, one in which privacy advocates condemn politicians calling for backdoors and easy access to civilians’ encrypted communications. Rabe doesn’t believe such access is necessary, nor is he keen on dragnet surveillance. A more targeted approach is required, according to Rabe. This strategy, of course, would be beneficial to Hacking Team.

The Italians are out in force, with Milan-based iPS and RCS close by. Though neither claim to create the “lawful intercept software” that actually runs on suspects’ devices as Hacking Team does, they do run tools to help police keen on top of their targets’ movements through easy to use desktop and mobile apps. The iPS G-SMART, for instance, acts as a “private and secure social network platform to real-time track devices such as smartphones, tablets and GPS tracking equipment and immediately share operative information”, according to the firm’s brochure. RCS does much the same with its MIT3 and Xplora products, though its website does indicate it creates some kind of malware.

A few stalls over there is a real Hacking Team competitor, a company I was advised to look at by a contact in the defense industry. Wolf Intelligence is eye-catching both for its name, its logo “Intelligence Without Limit”, and the claims of its nervous Indian salesman on the stall. The company, says Nafees Ahmed, is able to infect iPhones without needing a jailbreak - the term for exploiting Apple’s iOS to allow whatever software a user wants to run on the operating system. Ahmed won’t provide more detail, though Rabe says that capability is certainly possible.

Ahmed says the company sells in Europe, the Middle East and Africa, though the conversation is stunted and awkward as soon as he recognizes I’m a reporter; I face a similar experience at most stalls.

Wolf Intelligence’s brochure makes for good reading, though, even if the firm makes some odd claims. It offers an “AI Remote Control System for Systems”, which includes “Keylogger, File Access, Sounds, HTTP BOT, DDoS, etc.”. Most of those sound plausible apart from DDoS, distributed denial of service, which has nothing to do with snooping. DDoS attacks use a group of infected machines to blast servers with traffic to knock them offline, the equivalent of filling a water pipe with gunk until it ceases to work.

The same monitoring tool can “deploy more than 22 zero day exploits” - attacks that focus on previously-unknown, unpatched software vulnerabilities. Its mobile exploits are delivered by “silent SMS” or via a malicious URL. On paper, these are impressive, though it can’t offer any proof, for obvious reasons. It claims a uniqueness that has pushed it to the “apex of our industry”, but not even Rabe has heard of Wolf.

Another oddity: Ahmed fails to recall the name of his bosses who were not at the show. Company filings in Germany show a Manish Kumar to be the firm’s director. Kumar and a Rohitash Bhomia have given talks at ISS World training events - closed conferences where police learn techniques to track down criminals across the Internet. Earlier this year, the pair gave a talk in Dubai entitled: “Next-Generation Intelligence (Locate, Monitor targets Invisibly) with A.I Remote Control Intelligence using Automation.”

Ahmed says the company is eight years old, though its website was only registered last year. Its HQ is in Hanau, and it claims to have bases in Dubai, London, Washington D.C., Berlin, and Zug in Switzerland. Ahmed says Germany Wolf Intelligence’s Munich and Zug bases are home to its research and development labs, the other offices either administrative or sales-focused.

I whistle away from the Wolf baffled but intrigued, and head over to ClearTrail, a firm with Indian roots. A representative outright refuses to speak to me or provide a brochure. I swing by later when no one is looking and grab one from under a glass table. It doesn’t elucidate on what precisely the company does. It simply derides “conventional monitoring approaches” as “obsolete”, promising a “whole new way of monitoring and analyzing the communication networks”.

But the company does crop up in the Wikileaks Hacking Team files, showing it’s not a competitor, but seemingly a complementary analytics provider. One email comes from someone claiming to have worked at ClearTrail, applying to work at the Italian firm. “ClearTrail works in Lawful Interception domain, so most of my work is based on developing C++ [Windows/Linux] systems which are involved in interception and real time analysis of network protocols and payload,” the budding private sleuth wrote. “Most of my work is research based and solution driven. Thus I have acquired insight of networks, operating system internals, multithreaded systems and other critical components of software engineering.”

Another message, from EMEA director of business development Jitendra Verma in May 2014, offered to work alongside Hacking Team: “As companies offering non-competing (rather complementary) solutions to the same market, I see a substantial scope for cooperation between Hacking Team & ClearTrail technologies.”

ClearTrail can try to hide, but as the Hacking Team leak shows, no matter how slick, shady or secretive a surveillance company is, hackers can always spill their secrets. Are they worth all that taxpayer money when they can be so thoroughly undone?

*

Marine Le Pen, president of France’s far-right National Front party, is walking around the showfloor with her entourage, eagle-eyed bodyguards and media in tow, talking with some of the biggest French defense technology providers: Airbus, Safran and Thales.

The day after the attacks, she’d said in a speech: “France and the French are no longer safe.” She called for the country to “expel foreigners who preach hatred on our soil” and strip binational Islamists of citizenship. I can’t hear what she’s saying to the defense company executives over the hubbub. I wouldn’t understand it anyway.

Marine Le Pen visits French military companies at Milipol. Her far right approach has been increasingly popular in France.

La Quadrature du Net, a French digital rights group, has warned about the three-month extension of the state of emergency in France imposed since Friday night. Approved by the lower house of the French parliament, the extension will allow searches and raids to continue without warrants. “They believe creating a police state for several months will create an illusion of security,” said Adrienne Charmet, campaign coordinator for La Quadrature du Net.

In the US, Donald Trump, the frontrunner in the GOP leadership race, said he would consider the creation of a database of Muslims and close surveillance of mosques. The second most popular candidate, Ben Carson, said the US should act like the Anonymous hacktivist group by launching a propaganda war across social media to counter ISIS’ own publicity machine. The House of Representatives passed a bill that would place strict screening processes on refugees fleeing to America from everyday atrocities in Iraq and Syria, even though the FBI said there was no credible threat of a Paris-style attack on America.

I met a large, garrulous Greek man heading to Milipol on the RER train on Thursday. He complained about the refugees who’d made their way over to Greece, not from Syria in recent months, but those from South Ossetia who he says settled in the financially and politically tumultuous country nearly a decade ago. He said they were lazy and tended to criminal activity. He handed me a brochure for a double-barrelled pistol designed to take threats down with non-lethal munitions.

I’d heard the phrase “raghead terrorist” on one of the days.

A bullish spy gadget salesman whom I spoke with briefly said he didn’t buy the civil rights argument when it came to government snooping. “If you’re under surveillance, what the fuck are you up to?” he asked. I assumed it was a rhetorical question and left.

*

I’m compelled to visit Gamma Group, once a direct competitor with Hacking Team that also became a bete noireof human rights researchers and activists, as its FinFisher technology was seen in use by President Mubarak’s Egyptian regime and the Bahraini government. It was named an “enemy of the Internet” by Reporters Without Borders. I’m told FinFisher is no longer affiliated with Gamma Group and is its own separate entity.

The most conspicuous Gamma technology on show falls under the banner of Tactical Communications Intelligence, which includes an International Mobile Subscriber Identity-capture offering, or what is more commonly-known as Stingray-type interception. IMSI-capture devices set up a fake network, forcing nearby phones to connect to them. Gamma says its version can capture 3G and 4G communications, monitoring voice calls and text messages, and can be body-worn, for added covertness on the go.

Such close-range digital surveillance is becoming popular across the world, and law enforcement agencies in the US have happily paid upwards of $100,000 for single Stingrays, originally manufactured and sold by Harris Corporation. But the privacy-invading technology has concerned civil rights activists, leading to a landmark policy decision from the US Department of Justice to ensure warrants were required for Stingray use, whilst a proposed bill would make it illegal for cops and intel agents to use the technology without judicial approval.

The harsher regulatory climate won’t stop the industry innovating. Rayzone Group, an Israeli firm and yet another Hacking Team partner, has brought a cohort of salesmen and women to push its own IMSI catcher. Set up in 2010 by Matan Caspy, a former special operation agent with the Israeli security agency Shin Bet, the Israeli firm claims it’s Piranha IMSI-capture tech “can move the phone to 2G from 3G, extract GPS location, block the communication (selective jamming), drain the buttery [super sic here] and more”.

But Rayzone has an offensive product that promises to be even more invasive called InterApp, an “apps and cloud interception system”. It offers a rogue Wi-Fi hub that exploits smartphone application vulnerabilities, seeking to “get intimate information of any phone user, which is in the system's proximity”. InterApp can collect the target’s “user email address and password, contact list, Dropbox, operating system of the phone, photos, Internet history browsing, locations, and much more”.

"It is fully transparent to the target and does not require any cooperation from the phone owner. The only required condition is that the Wi-Fi transmitter of the mobile device will be open (no need to surf the web)."

The company hadn’t responded to my request for comment after I’d returned to the UK. It is one of many Israeli hacking firms born out of the country's very capable intelligence agencies. Elbit Systems, the biggest of them all, is a few stalls over.

*

Though technology that watches and doesn’t act is the big seller at Milipol, in the physical surveillance realm, where gadgets assist intelligence experts on the ground as they close in on terrorist targets, there are what aficionados might call "sexy" tools.

They include innumerable x-ray and radar technologies designed to help police see through walls and around corners. Amongst its cornucopia of spy tech, Dublin firm Acustek provides a radar technology where panels are attached to a building using velcro. These read the electromagnetic waves coming through the walls and pick up on moving targets within, relaying the information to agents’ mobile devices.

Irish charmer Alasdair Carwood, director of Acustek, shows me a quiet drill that slowly bores holes through walls, using slow revolutions and high torque as well as diamond drill bits for piercing tough materials. The drill leaves a 1mm hole at the end, through which a fibrescope can collect visuals from inside a building.

Drones are everywhere at Milipol. Unmanned Aerial Vehicles (UAVs) come in various shapes and sizes. There’s the Aero Surveillance Multi-Purpose Payload Launcher, designed to fire all kinds of munitions, from hygroscopic torches to explosives. There’s Altura Zenith, a Dutch firm that is supplying law enforcement with adaptable surveillance and gas and nuclear radiation detection drones. And there’s the all-weather, modular ,“plug & play” Aeraccess Q800X for “over-the-hill reconnaissance”.

And where there are drones, there are anti-drone systems. With long-distance cameras and microphones, both Squarehead Technologies and Dedrone are able to pick up on specific frequencies drones create when flying above and use HD cameras for when a UAV can be espied. As many drones are invisible to the naked eye, acoustics can be more effective for initial discovery of the flying machines.

Dedrone, a German firm, is creating a database of drone signatures - what it calls Drone-DNA - applied to a UAV by the DroneTracker’s . This is all accessible to customers from a cloud server hosted by Dedrone. There are around 1,000 drones currently in the database, I’m told, though the company is little over a year old. It’s detectors only work at up to 100 metres, which some might consider low, given most models can fly far higher. Rules proposed by US regulator the FAA would permit a drone to fly up to 500 feet (150 meters).

Squarehead Technologies, whom Carwood recommends I visit due to the significant range and accuracy of its directional microphones, does much the same with its Discovair product. It won’t talk to me about the power of its directional microphone, which Carwood suggests can pick out anyone in a crowd inside, say, a stadium, to listen in on their conversations. Indeed, Vibeke Jahr, COO and founder of the company, says listening into conversations when there is background noise is the stuff of Hollywood. But its drone detection has been able to pick up a UAV flying up to several hundred meters.

Moe says he believes we’re close to terrorist drone attacks, as already UAVs have been used to deliver illegal goods to prisons and it wouldn’t be difficult to add a more destructive payload to cheap, common machines. The Squarehead marketing material warns of explosives, and chemical and biological weapons attached to drones, as well as mobile and Wi-Fi hacking capabilities.

Jahr, a steely Nordic alpha male, is more modest, shying away from any histrionics. He’s unsure about some of the drone elimination technologies on offer on the showfloor too. Just around the corner is a company, MALOU Tech, that uses nets shot from cannons - imagine a soccer net packaged into a torch- or delivered by drones to take down dangerous UAVs.

There are ground robots too, but most are to test areas for toxicity and ground stability, or to disarm bombs. Few will be of use in covert operations. No one wants R2D2 on a spy mission.

*

I'm looking at a giant figure of what I can only assume is a poor imitation of The Predator and an attack dog. Over in the courtyard, the only source of natural air and light in Parc Des Expositions, many are enjoying the old French pastimes of smoking and drinking. There are some dummies scattered around the ground for some roleplay rescue missions. On another stand there are some pistols and automatics floating in water inside strange cylinders. There's some kind of laser-based shooting range.

People aren't here to just buy and sell, to justify huge budgets by buying up technologies that no one is sure can stop terrorist atrocities. They're here to have fun too.

I cover security and privacy for Forbes. I’ve been breaking news and writing features on these topics for major publications since 2010. As a freelancer, I worked for The Guardian, Vice Motherboard, Wired and BBC.com, amongst many others. I was named BT Security Journalist ...